Description

For the record: This bug is connected to encoded slashes in URLs & I know of the problem / necessity to have {{AllowEncodedSlashes On}} in the Apache configuration.

Problem: After an update to Zend version 1.11.1 (from an earlier version, can't remember which ) I noticed that the framework didn't build correct routes and request parameters anymore if there were encoded slashes ("%2F") in one of the URL parameters (what's between 2 "real" slashes /). Requests which worked previously failed suddenly.

My problem specifically is with double decoding plus (+) signs in params but this would be an issue with any similar character which can be decoded twice with two different results (from %2B to a plus sign to a space).

My 2 cents: I suspect that the root cause is Zend_Controller_Request_Http::setPathInfo() line 626: $requestUri = urldecode($requestUri);. As such, the fix to Zend_Rest_Route would likely need to be rolled back if my suspicion is correct.

Posted by Marc Guyer (marcguyer) on 2011-05-03T16:01:01.000+0000

It turns out that this could actually be a triple urldecode issue when Zend_Controller_Router_Route::match() comes into play and the route contains a wildcard.

It works for me with the diff from ZF-3527 and removing the urldecode from line 240 of Zend_Controller_Router_Route